Fed should lead cyber defense for financial industry, banks say

U.S. banks urged the Federal Reserve to take the lead in defending the financial services industry from cyber attacks by working with federal counterterrorism, intelligence and law enforcement agencies, documents show.

Bank representatives on the Federal Advisory Council said at their last gathering on Feb. 8 in Washington that the Fed should collect and distribute threat information to lenders, law enforcement, securities exchanges and clearinghouses, according to meeting minutes obtained today through a Freedom of Information Act request by Bloomberg News.

Lenders said cybersecurity is “a critical issue for the industry and the financial system” and that they are stepping up plans to mitigate incursions after recent attacks, minutes showed. Some institutions received assistance from the Treasury Department and National Security Agency, the records show.

“The Fed is already well equipped to play a role in sharing sensitive information among banks without disclosing commercially sensitive data,” bankers said, according to the minutes. The Fed should offer “advisory services as a trusted interlocutor between banks and other government agencies in relaying selected threat information to the banking community.”

Bankers said the Fed should coordinate between lenders, regulators, and intelligence agencies to protect the financial system and set up a central source of information on attacks. They said the Fed should provide financial expertise to the Federal Bureau of Investigation and Department of Homeland Security, and work with other agencies to ensure they don’t establish duplicative regulatory requirements, minutes show.

Intelligence Officials

U.S. lawmakers are renewing a push to pass cybersecurity legislation following warnings by intelligence officials that electronic attacks could disrupt banks, telecommunications, utilities and other services. Congress last year failed to pass cybersecurity legislation that had bipartisan support.

Banks have been targeted by attacks known as distributed denial-of-service, or DDoS, in which hackers flood a computer system with information to shut it down. While lenders have acknowledged the attacks damaged their websites, hackers reached deeper than institutions have said, according to research by Symantec Corp., the Mountain View, California-based information security company that investigated the incidents.

Symantec’s findings show that the attacks, which have been a threat for years, have evolved from nuisances causing temporary website outages into robbing banks. Hackers drained $9 million in two hours from one European bank’s automated teller machines in 46 cities, Symantec said. Tens of millions of dollars were stolen from a dozen European banks in the past year in this way.